Centralized Authentication Server OpenAM vs FreeRadius


The basic requirement is to centralize authentication and authorization of multiple SaaS applications to ease development (each SaaS application using minimal code to authenticate against a single source) and, when necessary, provide SSO. The authentication mechanism must handle the following options available to the user:

  1. Use third-party authentication -- Google
  2. Use our centralized authentication
  3. Use corporate-provided authentication (ADFS)

In my research, I have found many, many ways this can be done. I have found OpenAM to be a complete solution, and I also came across FreeRadius being used.

My questions are:

  1. There seems to be a plug-in for each tool so that one can use the other (OpenAM - authenticate against a RADIUS server). Is there a use case where FreeRadius is preferred as the sole authentication server over OpenAM?

  2. Does OpenAM require a web agent to be installed on the server? If all I am doing is serving a RESTful interface (developed in Node.js), is it possible to authenticate users without installing a web agent (there is no web agent for Node.js)?

  3. Can I pass user credentials browser -> server (Node.js) -> OpenAM, thereby not giving the user the OpenAM login screen? The OpenAM token would be passed OpenAM -> server -> browser (setting the cookie's origin to the SaaS application). Each SaaS application server would serve as a "proxy" for user management (authenticate, authorize, and manage [create|update|delete] users).

Thank you

I'm in the Open Identity Stack game, deploying an OpenAM (and OpenIDM + OpenDJ) based solution to handle the solutions you mention.

Direct answers:

  1. As far as handing sole authentication over to FreeRadius, I don't see why you would want to, but it is possible. Given your mention of multiple directories (identity sources - Google, ADFS, and centralized authentication), I think hooking in OpenAM to provide RADIUS authentication (i.e. the OpenAM RADIUS hook, not FreeRadius) would make sense.
  2. No, the web agent doesn't have to be applied, but it may make sense. There are Node.js pieces (https://github.com/alesium/node-openam). You need to talk from your server to the OpenAM side (REST), and you should be good.
  3. You can, or you can skin the OpenAM login screen as your own. I'd suggest the latter, as you're relying on the OpenAM login screen for security. If you're doing a pure proxy, you take that burden on. Your call as a design decision, obviously.

Good luck!
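
The proxy flow discussed in question 3 and answers 2 and 3 (browser -> Node.js server -> OpenAM over REST, no web agent), sketched as an added example that is not part of the original posts or of node-openam. It assumes an OpenAM release that exposes the `/json/authenticate` REST endpoint and the default session cookie name `iPlanetDirectoryPro`; the base URL, function names and sample values are constructed for illustration.

```javascript
// Added example (not from the original thread). Assumptions: OpenAM's REST
// endpoint /json/authenticate, default cookie name iPlanetDirectoryPro,
// and a constructed placeholder base URL.
const OPENAM_BASE = 'https://openam.example.com/openam';

// Build the server-to-OpenAM call. Credentials travel in headers, never in
// the URL, so they do not end up in access or proxy logs.
function buildAuthRequest(baseUrl, username, password) {
  if (!username || !password) throw new Error('missing credentials');
  // Refuse CR/LF so user input cannot smuggle extra headers into the request.
  if (/[\r\n]/.test(username + password)) throw new Error('illegal characters');
  return {
    url: baseUrl.replace(/\/+$/, '') + '/json/authenticate',
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'X-OpenAM-Username': username,
      'X-OpenAM-Password': password,
    },
    body: '{}',
  };
}

// Turn OpenAM's reply into a Set-Cookie value for the SaaS application's own
// origin. Returns null on any failure so the caller can answer every bad
// login with the same generic error.
function sessionCookieFromResponse(status, bodyText, cookieName = 'iPlanetDirectoryPro') {
  if (status !== 200) return null; // e.g. 401 for bad credentials
  let tokenId;
  try { tokenId = JSON.parse(bodyText).tokenId; } catch (e) { return null; }
  // Accept only RFC 6265 cookie-octets: no spaces, ';', ',', '"' or '\',
  // so a malformed token cannot inject cookie attributes.
  const cookieOctets = /^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]+$/;
  if (typeof tokenId !== 'string' || !cookieOctets.test(tokenId)) return null;
  // No Domain attribute: the cookie stays host-only for this application.
  return `${cookieName}=${tokenId}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Glue for a login route: fetchImpl defaults to Node's global fetch and can
// be replaced with a stub for offline testing.
async function login(username, password, fetchImpl = fetch) {
  const req = buildAuthRequest(OPENAM_BASE, username, password);
  const res = await fetchImpl(req.url, { method: req.method, headers: req.headers, body: req.body });
  return sessionCookieFromResponse(res.status, await res.text());
}
```

In this design the Node.js server sees every password, so it must run over TLS on both hops and must not log request headers; skinning the OpenAM login page, as the answer suggests, keeps credentials out of the application servers altogether.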

